Ransomware victim disclosure
← All victimsspw.ru
Claimed by Malas · listed 3 years ago
Status timeline
- ListedApr 9, 2023
- Data leakeddate unknown
At a glance
- Group
- Malas
- Status
- Data leaked
- Country
- Russia
- Sector
- Technology
- Listed on leak site
- Apr 9, 2023
About the victim
AI dossier — public-source company profileSPW.RU is a Russian online retailer and solutions provider specialising in MikroTik networking equipment, including routers, switches, Wi-Fi access points, radio bridges, VoIP, and optical transceivers. Based in Saint Petersburg, the company also offers Wi-Fi network design services, equipment rental, network audits, and certified MikroTik training courses (MTCNA, MTCRE, etc.). It serves both retail and wholesale customers across Russia.
- Industry
- Networking Equipment Retail & IT Training (MikroTik)
- Address
- г. Санкт-Петербург, ул. Уральская, д. 17, корпус 3, этаж 2, ст. м. «Василеостровская», Санкт-Петербург, Россия
Attack summary
Severity: medium — Data is confirmed published following exploitation of a Zimbra email server vulnerability, indicating real access and likely exfiltration of business email data. However, no large-scale regulated PII (medical, financial, government) is indicated, no ransom was stated, and no data volume was disclosed, limiting severity to medium.The Malas ransomware group claims to have attacked SPW.RU by exploiting a Zimbra vulnerability, indicating server-level access via the company's email platform. The status is listed as data_published, suggesting exfiltration and publication of data, though no specific data volume or ransom demand was stated.
Data the group says was taken
AI dossier — extracted from the leak post- Email server data (via Zimbra)
- Corporate email communications
- Potentially customer/order records
What the group claims
using Zimbra vulnerability
Sources
Source
Indexed 3 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

